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DETAILED ACTION 

1 . The application having Application No. 1 0,067,446 has a total of 24 claims 
pending in the application; there are 4 independent claims and 20 dependent 
claims, all of which are ready for examination by the examiner. Claims 1-24 have 
been examined. r 

Claim Rejections - 35 (JSC § 112 

2. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Regarding claims 1-3, 8, 18, and 21, the phrase "service ticket" is indefinite as it 

is unclear how applicant is defining the phrase. The usage of the phrase in the 

claims is different than the definition provided in the specification. The 

specification appears to use the temri to mean ticket granting ticket. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 
that form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-24 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Windows 2000 Kerberos Authentication White Paper, Microsoft Corporation, 
1 999 (herein referred to as Reference 1 ). 
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4. As per claim 1 , Reference 1 depict a method of verifying client authorization 
when requesting content and/or services from an application server, comprising 
the steps of: 

generating a service ticket including a first copy of authorization data (pg. 27, 
para. 5, lines 3-5; Reference 1 teaches that authorization data is gathered or 
generated In two separate steps (or copies), the first takes place when the KDC 
in a Windows 2000 domain prepares a TGT.); and 

sending a second copy of the authorization data to a client (pg. 27, para. 4, 
lines 4-6; Reference 1 teaches that authorization data is gathered or generated in 
two separate steps (or copies), the second takes place when the KDC in a 
Windows 2000 domain prepares a session ticket.); and 

sending the service ticket to the client (pg. 27, para. 4, lines 1-3). 

5. As per claim 2, Reference 1 depict the method as claimed in claim 1 , further 
comprising the step of: 

generating an AS_REP, including the service ticket and the second copy of 
the authorization data (pg. 27, para. 5, lines 1-4; pg. 27, para. 4, lines 4-6); and 
sending the AS_REP to the client (pg. 27, para. 5, lines 4-5). 

6. As per claim 3, Reference 1 depict the method as claimed in claim 1 , further 
comprising the steps of: 

generating a ticket granting server reply (TGS_REP) including the service 
ticket (pg. 27, para. 6, lines 1-7), and 

sending the ticket granting server reply to the client (pg. 27. para. 6, lines 1-7). 
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7. As per claim 4, Reference 1 depict the method as claimed in claim 3, further 
comprising the steps of: 

receiving an authentication server request (AS_REQ) message from a client 
(pg. 27, para. 5, lines 1-2); 

generating an authentication sen/er reply (AS_REP) message (pg. 27, para. 5, 
lines 1-4); 

sending the AS_REP to the client (pg. 27, para. 5, lines 2-5); 

receiving a ticket granting server request (TGS_REQ) message from the 
client (pg. 27, para. 6, line 1); and 

the step of generating the TGS_REP including generating the TGS_REP 
having two or more copies of authorization data including the second copy of the 
authorization data (pg. 27, para. 6, lines 1-7; pg. 27, para. 4, lines 4-6). 

8. As per claim 5, Reference 1 depict the method as claimed in claim 3, further 
comprising the steps of: 

generating an authentication server reply (AS_REP) message Including the 
second copy of the authorization data (pg. 27, para. 5, lines 1-4; pg. 27, para. 4, 
lines 4-6); and 

sending the AS_REP to the client including the step of sending the second 
copy of the authorization data to the client (pg. 27, para. 5, lines 1-4; pg. 27, 
para. 4, lines 4-6). 

9. As per claim 6, Reference 1 depict the method as claimed In claim 3, further 
comprising the steps of: 
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configuring the second copy of tlie autliorization data such that the second 
copy of the authorization data is used by the client (pg. 32, step 2; pg. 27, para. 
4, lines 4-6);. 

10. As per claim 7, Reference 1 depict the method as claimed in claim 6, further 
comprising the step of: 

encrypting the second copy of the authorization data using a client session 
key (pg. 32, step 2; pg. 27, para. 4, lines 4-6). 

11. As per claim 8, Reference 1 depict the method as claimed in claim 7, further 
comprising the step of: 

encrypting the service ticket using the server service key (pg. 32, step 2). 

12. As per claim 9, Reference 1 depict the method as claimed in claim 7, wherein 
the step of encrypting using the client session key including using the session 
key from a ticket granting ticket in an AS_REP (pg. 32, step 2). 

13. As per claim 10, Reference 1 depict the method as claimed in claim 6, further 
comprising the steps of: 

the client detemiining desired content (pg. 31, para. 1); 

the client verifying the desired content with the second copy of the 
authorization data (pg. 32, step 1 ; pg. 27, para. 4, lines 4-6); 

the client generating a request for content (pg. 32, step 1); 

the client sending the request for content to a third party server (pg. 32, step 
2); and 

the third party server sending third party information to the client later used by 
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the application server in determining client authorization for the requested 
content (pg. 32, step 2). 

14. As per claim 11, Reference 1 depict the method as claimed in claim 6, further 
comprising the steps of: 

receiving a key request (KEY_REQ) from the client (pg. 32, step 1); 

generating a key reply (KEY_REP) (pg. 32, step 2); 

fonwarding the KEY_REP to the client (pg. 32, step 2); 

the client generating a request for content (pg. 32, step 1); 

the client verifying the request for content with the second copy of the 
authorization data (pg. 32, step 2; pg. 27, para. 4, lines 4-6); and 

the client sending the request for content to an application server if the client 
verifies there are no errors in the request for content (pg. 32, step 2). 

15. As per claim 12, Reference 1 depict the method as claimed in claim 6, further 
comprising the steps of: 

receiving a request for content (pg. 27, para. 5, lines 1-2); 
sending at least a portion of the requested content to the client (pg. 27, para. 
5, lines 4-5); and 

the step of configuring the second copy of the authorization data including 
configuring the second copy of the authorization data such that the client is 
capable of using the second copy of the authorization to detemnine at least an 
authorized use of the requested content (pg. 27, para. 4, lines 1-3; pg. 27, para. 
4, lines 4-6). 
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16. As per claim 13, Reference 1 depict the method as claimed in claim 12, 
further comprising the steps of: 

the step of configuring the second copy of the authorization data such that the 
client is capable of using the second copy of the authorization to determine If the 
client is authorized to store the requested content (pg. 27, para. 4, lines 1-6). 

17. As per claim 14, Reference 1 depict the method as claimed in claim 13, 
further comprising the steps of: 

the step of configuring the second copy of the authorization data such that the 
client is capable of using the second copy of the authorization to determine if the 
client is authorized to play back the requested content (pg. 27, para. 4, lines 1-6). 

18. As per claim 15, Reference 1 depict a system for providing secure 
communication across the system, comprising: 

a key distribution center (KDC) first stage being configured to Issue a ticket 
granting ticket (TGT) to a client (pg. 27, para. 5, lines 1-2); and 

a KDC second stage being configured to generate a ticket granting server 
reply including at least two copies of authorization data in response to a TGT 
received from the client (pg. 27, para. 6, lines 1-7; pg. 27, para. 4, lines 4-6). 

19. As per daim 16, Reference 1 depict the system as claimed In claim 15, further 
comprising: 

the client being configured to receive the ticket granting server reply and to 
utilize one copy of the authorization data to verify authorization (pg. 27, para. 6, 
lines 1-7). 
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20. As per claim 17, Reference 1 depict the system as claimed in claim 15, further 
comprising: 

the client being coupled with an application server, wherein the application 
server being configured to supply content to the client (pg. 27, para. 4, lines 1-3); 
and 

the client being further configured to use the one copy of the authorization 
data to verify authorized use of the content (pg. 27, para. 4, lines 3-7). 

21 . As per claim 18, Reference 1 depict a system for providing a client with 
access to content and/or services, 

comprising the steps of: 

a means for generating a service ticket including a first copy of authorization 
data(pg. 27, para. 4., lines 3-6; pg. 27, para. 5, lines 3-5); 

a means for generating a ticket granting server reply including the service 
ticket and a second copy of the authorization data (pg. 27, para. 6, lines 1-7; pg. 
27, para. 4, lines 4-6); and 

a means for sending the ticket granting server reply to a client (pg. 27, para. 4, 
lines 1-3). 

22. As per claim 19, Reference 1 depict the system as claimed in claim 18, 
wherein the means for generating the ticket granting server reply includes a 
means for encrypting at least the second copy of the authorization data using a 
client session key (pg. 32, step 2; pg. 27, para. 4, lines 4-6). 
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23. As per claim 20, Reference 1 depict the system as claimed in claim 19, 
wherein the means for encrypting at least the second authorization data includes 
a means for encrypting at least the second copy of the authorization data such 
that the client is capable of decrypting and utilizing the second copy of the 
authorization data (pg. 32, step 2; pg. 27, para. 4, lines 4-6). 

24. As per claim 21 , Reference 1 depict the system as claimed in claim 20, 
wherein the means for generating the service ticket includes a means for 
encrypting at least the first copy of the authorization data using a server key (pg. 
32, step 2; pg. 27, para. 5, lines 3-5). 

25. As per claim 22, Reference 1 depict the system as claimed in claim 18, 
wherein the second copy of the authorization data being configured to allow the 
client to verify a request for services from an application server (pg. 27, para. 5, 
lines 1-8; pg. 27, para. 4, lines 4-6). 

26. As per claim 23, Reference 1 depict the system as claimed in claim 18, 
vyherein the second copy of the authorization data being configured to allow the 
client to determine authorized use of received content (pg. 27, para. 4, lines 1-3; 
pg. 27, para. 4, lines 4-6). 

27. As per claim 24, Reference 1 depict a system for providing secure 
communication across the system, comprising: 

a key distribution center (KDC) first stage being configured to issue a ticket 
granting ticket (TGT) and at least a client copy of authorization data to a client 
(pg. 27, para. 5, lines 3-5), 
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wherein the client copy of the authorization data is configured such that the 
client is capable of determining client authorization (pg. 27, para. 4, lines 1-6; 
para. 5, lines 1-8); and 

a KDC second stage being configured to generate a ticket granting server 
reply (pg. 27, para. 6, 1-3; pg. 27, para. 4, lines 4-6). 

Conclusion 

28. Any inquiry concerning this communication or earlier communications should 
be directed to Nima Khomassi whose telephone number is (571.) 272-3775. The 
examiner can normally be reached Monday-Friday from 8:30 AM to 5:00 PM. 

29. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron Jr., can be reached at (571) 272-3799. 

30. The fax number for Formal or Official faxes to Technology Center 2100 is 
571-273-8300. On July 15, 2005, the Central Facsimile (FAX) Number changed 
from 703-872-9306 to 571-273-8300. As of September 15, 2005, the old number 
is no longer in service and 571-273-8300 is the only facsimile number recognized 
for centralized delivery. 

31 . Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have any questions on access to the Private PAIR 
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system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 




Nima Khomassi 
September 26, 2005 
Art Unit #2132 




GILBERTO BARRON JA- 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



